Confused with api_password deprecation

I haven’t touched my HA config for a while.

I have the following config

http:
    api_password: !secret api_password
    base_url: URL
    ssl_certificate: PATH
    ssl_key: PATH

What do I need to change? Because we had already created new auth user (when it moved to it few releases ago) which uses a different password then the one mentioned in api_password

So do I simply delete that line? Or do I need to put the following in addition?

homeassistant:
  auth_providers:
   - type: legacy_api_password
     api_password: !secret http_password

http:
    api_password: !secret api_password
    base_url: URL
    ssl_certificate: PATH
    ssl_key: PATH

I don’t see using api_password anywhere else apart from the http line

You can just comment it out or delete it.

If you no longer need to use the api_password you can remove it.

If you still need it you need to move it under auth_providers then remove it from http.

Thanks for the confirmation guys… Probably will comment it out since I don’t think I use it anymore

After disabling it… I can’t login

WARNING (MainThread) [homeassistant.components.http.auth] api_password is going to deprecate. You need to use a bearer token to access /api/stream from
WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from

But the password is definitely different then mentioned in the secret. Means I am still using api_password??

It means you have something that is using an api password… Need to track that down and create a long lived token to replace it.

I have recursively grepped for “api_password” and where I could find it was

configuration.yaml: api_password: !secret api_password
secrets.yaml:api_password: PASSWORD
Binary file home-assistant_v2.db.old matches
.storage/auth: “auth_provider_type”: “legacy_api_password”,
home-assistant.log:DATE TIME INFO (MainThread) [homeassistant.components.discovery] Unknown service discovered: home_assistant {‘host’: ‘IP’, ‘port’: PORT, ‘hostname’: ‘Home._home-assistant._tcp.local.’, ‘properties’: {‘version’: ‘0.90.2’, ‘base_url’: ‘URL’, ‘requires_api_password’: True}}

So should I delete it from .storage/auth file and create new user? and from secrets.yaml

did you move it from the http section to the auth_providers section?

Yes I had as per the first post